Quote from: BenCousins on July 28, 2012, 11:49 ampine i agree with everything you said about privnote and beleive me i dont use it but plenty of people do. I actually spend most my time sober (depression, anxiety makes the come downs from most things including alcohol just not worth it) so i dont actually order from here that much but when i do i use PGP but someone i know IRL is a vendor (aus vendor) and we were speaking about it and he was mentioning how many people who order form him send a privnote and he has to use javascript to view it so we were wondering what the exact danger is? now if he only uses his java script for privnote and tracking sites (official post ones) and TOR for SR mostly is there any real danger.Also I comend your PGP club but ive got the basics for the rare instances i use it down pat, but are you teaching any more advanced stuff to do with PGP/anonymity etc?sincerlyBenP.S. No blackhelicopters down here we buy them but we cant seem to work out how they can flyP.P.S I DO NOT USE FUCKING PRIVNOTEWell, I'm glad to hear it. It means I was wrong to rant at you, which is a relief.The exact danger is that your Oz vendor could be deanonymized by privnote with a malicious script from LE agents and simultaneously also become associated with dozens of drug related transactions when LE requests the private keys for those messages the vendor is checking. That's assuming that privnote is in fact an actual business and not simply just a front for a LEO, which I think it most likely is given that as kmf was saying everybody is suddenly all "fuck yeah, privnote" out of nowhere on here and other drug related forums.It is also not a good idea to use post tracking sites for locating packages in the mail system. This has nothing to do with Javascript and everything to do with the fact a record is being made of every query, and if a package is then found to contain product, then it is highly likely that the IP address of the person who made a query about that package on the tracking service will also be used to deanonymize the vendor/buyer. On that subject, many of us believe, including myself, that the postage tracking services of the world have a list of public Tor nodes which they check against any query. The result is that any query for a package made via Tor is going to secondary (customs taking a careful 2nd look). The ideal is not to have to check a package at all.Finally, most tracking services in the world require things like signatures, identity documents and physical presence at a post office in order to register your package onto the system. Again: not good from the get go.As for learning more advanced PGP, if you read the PGP thread in my signature, I'm pretty sure you'll be learning information which is new to yourself and most people, even if you already use PGP. Verifying signed PGP messages for example, or computing a hash to ensure your software downloads weren't compromised and so forth.